Merge branch 'main' into DOCS-906

Author: kimsauce

.clabot

@@ -187,7 +187,8 @@
     "Apoorvkudesia-sumologic",
     "ntanwar-sumo",
     "aj-sumo",
-    "samiura"
+    "samiura",
+    "naveenrama"
   ],
   "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",

blog-service/2025-07-31-apps.md

@@ -11,5 +11,11 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 ### Enhancements
 
-- **Updated OpenTelemetry apps**. [Oracle - OpenTelemetry](/docs/integrations/databases/opentelemetry/oracle-opentelemetry/), [SQL Server - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/sql-server-opentelemetry/), and [SQL Server for Linux - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/sql-server-linux-opentelemetry/).
-- **Updated 1 Webhook app**. [Sentry](/docs/integrations/webhooks/sentry/).
+- **Updated the following OpenTelemetry apps**:
+  - [Oracle - OpenTelemetry](/docs/integrations/databases/opentelemetry/oracle-opentelemetry/). Updated the dashboards and monitors with new metrics.
+  - [SQL Server - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/sql-server-opentelemetry/). Fixed the collection form bug.
+  - [SQL Server for Linux - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/sql-server-linux-opentelemetry/):
+    - Updated the dashboards and monitors with new metrics.
+    - The app now supports metric collection from both Windows and Linux environments.
+- **Updated the following Webhook app**:
+  - Updated the event types for [Sentry](/docs/integrations/webhooks/sentry/).

blog-service/2025-08-07-collection.md

@@ -0,0 +1,12 @@
+---
+title: AWS IAM Users Source (Collection)
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - c2c
+  - aws-iam-users-source
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to announce the release of our new cloud-to-cloud source for AWS IAM Users. This source collects the IAM User Inventory logs from the AWS SDK and sends them to Sumo Logic for streamlined analysis. [Learn more](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-iam-users-source).

blog-service/2025-08-08-collection.md

@@ -0,0 +1,12 @@
+---
+title: GitHub Copilot Source (Collection)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - c2c
+  - github-copilot-source
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to announce the release of our new cloud-to-cloud source for GitHub Copilot. This source aims to collect the organization and team metrics logs from the Copilot platform and send them to Sumo Logic for streamlined analysis. [Learn more](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/github-copilot-source).

cid-redirects.json

@@ -2803,6 +2803,7 @@
   "/cid/17343": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source",
   "/cid/17344": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source",
   "/cid/20172": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-vulnerability-management-source",
+  "/cid/20173": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/aws-iam-users-source",
   "/cid/19880": "/docs/metrics/metrics-operators/predict",
   "/cid/19881": "/docs/metrics/metrics-operators/accum",
   "/cid/19882": "/docs/metrics/metrics-operators/along",
@@ -2914,6 +2915,7 @@
   "/cid/21333": "/docs/integrations/microsoft-azure/microsoft-defender-for-endpoint",
   "/cid/21039": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source",
   "/cid/21059": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/onelogin-source",
+  "/cid/27061": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/github-copilot-source",
   "/cid/21041": "/docs/integrations/google/cloud-security-command-center",
   "/cid/21097": "/docs/integrations/saas-cloud/confluent-cloud",
   "/cid/21040": "/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-service-providers",

docs/cloud-soar/incidents-triage.md

@@ -503,3 +503,7 @@ With the **Report** option, you can create incident reports to share with others
     1. Click **Save**.<br/><img src={useBaseUrl('img/cloud-soar/delivery-2-save-report.png')} alt="Save a report" style={{border: '1px solid gray'}} width="300"/>
 1. Click **Export** to export the report to PDF.
 1. Click **Open** to open available reports.
+
+## Additional resources
+
+Blog: [Want to improve collaboration and reduce incident response time? Try Cloud SOAR War Room](https://www.sumologic.com/blog/want-to-improve-collaboration-and-reduce-incident-response-time-try-cloud-soar-war-room)

docs/cloud-soar/introduction.md

@@ -663,3 +663,15 @@ Let's create a custom automation rule. This rule will pull information from Clou
 1. Leave the other fields as their defaults, then click **Save**. 
 1. As a best practice, you can enable and test the new rule, but then disable it, since it can disrupt your environment. Continue testing your rule until their behavior is expected before deciding to enable it.
 
+## Additional resources
+
+* Blogs: 
+   * [Why you need both SIEM and SOAR to improve SOC efficiencies and increase effectiveness](https://www.sumologic.com/blog/why-you-need-siem-and-soar-to-improve-soc-efficiencies)
+   * [Cloud-native SOAR and SIEM solutions pave the road to the modern SOC](https://www.sumologic.com/blog/cloud-native-soar-and-siem-solutions-pave-the-road-to-the-modern-soc)
+   * [SIEM vs SOAR: Evaluating security tools for the modern SOC](https://www.sumologic.com/blog/soar-vs-siem)
+   * [Overwhelmed: Why SOAR solutions are a game changer](https://www.sumologic.com/blog/overwhelmed-why-soar-solutions-are-a-game-changer)
+   * [How to improve MTTD and MTTR with SOAR](https://www.sumologic.com/blog/how-to-improve-mttd-and-mttr-with-soar)
+   * [How to implement cybersecurity automation in SecOps with SOAR (7 simple steps)](https://www.sumologic.com/blog/how-to-implement-cyber-security-automation-in-secops-with-soar-7-simple-steps)
+* Briefs
+   * [Sumo Logic Cloud SOAR Solutions Brief](https://www.sumologic.com/briefs/sumo-logic-cloud-soar-solutions-brief)
+   * [How to calculate the ROI of Cloud SOAR](https://www.sumologic.com/briefs/how-to-calculate-roi-of-cloud-soar)

docs/cse/administration/mitre-coverage.md

@@ -201,7 +201,9 @@ To find the Cloud SIEM API documentation for your endpoint, see [Cloud SIEM APIs
 
 ## Additional resources
 
-* Blog: [Enhance your cloud security with MITRE ATT&CK and Sumo Logic Cloud SIEM](https://www.sumologic.com/blog/cloud-siem-mitre-attack/)
+* Blogs: 
+   * [Enhance your cloud security with MITRE ATT&CK and Sumo Logic Cloud SIEM](https://www.sumologic.com/blog/cloud-siem-mitre-attack/)
+   * [Unique approaches to MITRE ATT&CK—make the most of its potential](https://www.sumologic.com/blog/mitre-attack-how-sumo-logic-makes-it-work-for-you)
 * Glossary: [MITRE ATT&CK - definition & overview](https://www.sumologic.com/glossary/mitre-attack/)
 * Demo: [MITRE ATT&CK Coverage Explorer](https://www.sumologic.com/demo/cloud-siem-mitre-attack-coverage-explorer/)
 * Cloud SIEM Content Catalog: [Vendors](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/README.md)

docs/cse/automation/about-automation-service-and-cloud-siem.md

@@ -96,3 +96,6 @@ The Automation Service uses the [Cloud SOAR API](/docs/api/cloud-soar/).
 
 Cloud SIEM automation data is retained in accordance with Sumo Logic's policies. For more information, see [Cloud SIEM Data Retention](/docs/cse/administration/cse-data-retention).
 
+## Additional resources
+
+Blog: [Faster security investigation with Cloud SIEM playbooks](https://www.sumologic.com/blog/faster-security-investigation-siem-playbooks)

docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md

@@ -176,16 +176,20 @@ Involved entities are connected to the primary entity with dashed lines. Entitie
 It's possible for a related entity to both be involved and detected. In that case, it typically be displayed as detected unless it is in a number of the insight's signals.
 :::
 
-How does Cloud SIEM detect entity relationships outside of the insight? Within the time range of the insight, described above, Cloud SIEM searches for related entities in the following normalized record fields:
+How does Cloud SIEM detect entity relationships outside of the insight? Within the time range of the insight, described above, Cloud SIEM searches for related [entities in the following normalized record fields](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/schema/entity_fields.md):
 * `*_command`
+* `*_deployment`
 * `*_domain`
 * `*_email`
 * `*_file`
 * `*_hash`
 * `*_hostname`
 * `*_ip`
 * `*_mac`
+* `*_pod`
 * `*_process`
+* `*_replicaset`
+* `*_resource`
 * `*_url`
 * `*_useragent`
 * `*_username`
@@ -272,3 +276,9 @@ When you select an entity on the page, the right pane displays details about tha
 
 You can access related entity information using the Cloud SIEM API. For more information, see [Cloud SIEM APIs](/docs/cse/administration/cse-apis).
 
+## Additional resources
+
+Demos: 
+* [Cloud SIEM: Complete threat detection, investigation and response demo](https://www.sumologic.com/demo/complete-threat-detection-investigation-and-response-demo)
+* [Cloud SIEM: Insight investigation](https://www.sumologic.com/demo/insight-investigation)
+* [Cloud SIEM: Cloud insights triaging and investigation](https://www.sumologic.com/demo/cloud-insights)